If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

For anyone interested in security management

Hi,

This is just a small message to make forum members aware of a new book in the area of information security management - "A Practical Guide to Managing Information Security", Steve Purser, Artech House (2004). My apologies if this is not the right place to post this message - the other messages in this area made me think that some members might be interested in this book.

I wrote this book in response to questions that have been sent to me following conferences and seminars that I have given over the past few years. The goal of the book is to present what I believe are the major challenges in managing information security in modern commercial environments and to provide a set of practical methods and tools for meeting these challenges. By necessity, I have concentrated on what I consider to be the most important issues in today's environments and this is not a catalogue of security techniques.

In a nutshell, the book shows how to design and successfully implement an information security strategy, whilst still responding appropriately to short-term requirements. In order to do this, the book covers the following topics, using a case study to illustrate the method:

- A descrription of what I believe to be the major issues in today's environments.
- An overview of methods and tools currently available to managers.
- A description of the management approach
- How to define, agree and implement an information security strategy.
- How to use policy and standards effectively.
- How to improve the scalability and flexibility of the current process.
- How to design and implement an IT Security Architecture.
How to create a security-minded culture.

This is a book for practitioners and is based on real experience. I have made every effort to show where and why things can go wrong and how to avoid such problems. I hope it will help managers avoid the mistakes I made in the past.

Amazon.com and amazon.co.uk both have references posted by readers and amazon.com provides a facility for looking at extracts within the book. I think that links expire for book searches, so its better to do a search on 'steve purser' within these sites. Finally, there is also a small review on the bookpool site.

Please note however that this book is not likely to be useful as preparation for a CISSP exam (or similar exams) - I hope that it will be very useful for understanding how decisions are taken in the real world and how security managers can agree solutions that reflect the interests of ALL the concerned parties.